Return-Path: <> X-Original-To: www-data@webserver Delivered-To: www-data@webserver Received: by webserver.centroenergia.cl (Postfix) id B8F38203841; Tue, 11 Oct 2022 15:29:04 -0300 (-03) Date: Tue, 11 Oct 2022 15:29:04 -0300 (-03) From: MAILER-DAEMON@webserver (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: www-data@webserver Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="8DE6720382A.1665512944/webserver.centroenergia.cl" Content-Transfer-Encoding: 8bit Message-Id: <20221011182904.B8F38203841@webserver.centroenergia.cl> This is a MIME-encapsulated message. --8DE6720382A.1665512944/webserver.centroenergia.cl Content-Description: Notification Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit This is the mail system at host webserver.centroenergia.cl. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system (expanded from ): unknown user: "/usr/sbin/sendmail" <-i@webserver> (expanded from <-i>): bad address syntax <-t@webserver> (expanded from <-t>): bad address syntax : host gmail-smtp-in.l.google.com[142.251.0.26] said: 550-5.7.25 [200.9.100.182] The IP address sending this message does not have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not 550-5.7.25 point to the sending IP. As a policy, Gmail does not accept messages 550-5.7.25 from IPs with missing PTR records. Please visit 550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more 550 5.7.25 information. s7-20020aca5e07000000b003544882ec3bsi10833164oib.66 - gsmtp (in reply to end of DATA command) --8DE6720382A.1665512944/webserver.centroenergia.cl Content-Description: Delivery report Content-Type: message/delivery-status Content-Transfer-Encoding: 8bit Reporting-MTA: dns; webserver.centroenergia.cl X-Postfix-Queue-ID: 8DE6720382A X-Postfix-Sender: rfc822; www-data@webserver Arrival-Date: Tue, 11 Oct 2022 15:29:03 -0300 (-03) Final-Recipient: rfc822; /usr/sbin/sendmail@webserver Original-Recipient: rfc822;/usr/sbin/sendmail@webserver Action: failed Status: 5.1.1 Diagnostic-Code: X-Postfix; unknown user: "/usr/sbin/sendmail" Final-Recipient: rfc822; -i@webserver Original-Recipient: rfc822;-i@webserver Action: failed Status: 5.1.3 Diagnostic-Code: X-Postfix; bad address syntax Final-Recipient: rfc822; -t@webserver Original-Recipient: rfc822;-t@webserver Action: failed Status: 5.1.3 Diagnostic-Code: X-Postfix; bad address syntax Final-Recipient: rfc822; oscarnunezmata@gmail.com Original-Recipient: rfc822;oscarnunezmata@gmail.com Action: failed Status: 5.7.25 Remote-MTA: dns; gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 550-5.7.25 [200.9.100.182] The IP address sending this message does not have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not 550-5.7.25 point to the sending IP. As a policy, Gmail does not accept messages 550-5.7.25 from IPs with missing PTR records. Please visit 550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more 550 5.7.25 information. s7-20020aca5e07000000b003544882ec3bsi10833164oib.66 - gsmtp --8DE6720382A.1665512944/webserver.centroenergia.cl Content-Description: Undelivered Message Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Return-Path: Received: by webserver.centroenergia.cl (Postfix, from userid 33) id 8DE6720382A; Tue, 11 Oct 2022 15:29:03 -0300 (-03) To: oscarnunezmata@gmail.com Subject: ::: Comunidad Solar :: "Your Site Has Been Hacked" X-PHP-Originating-Script: 5000:class-phpmailer.php Date: Tue, 11 Oct 2022 18:29:03 +0000 From: Richard Farias Reply-To: no-reply@imperial-lexis.com Message-ID: X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer) X-WPCF7-Content-Type: text/plain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit De: Richard Farias Asunto: Your Site Has Been Hacked Cuerpo del Mensaje PLEASE FoRWARD THiS EMAiL T0 SoMEoNE iN Y0UR CoMPANY WHo iS ALL0WED To MAKE iMPoRTANT DECiSi0NS! We have hacked y0ur website http://www.comunidadsolar.cl and extracted your databases. How did this happen? 0ur team has found a vulnerability within y0ur site that we were able t0 expl0it. After finding the vulnerability we were able to get y0ur database credentials and extract y0ur entire database and m0ve the inf0rmation to an offsh0re server. What does this mean? We will systematically go through a series of steps 0f t0tally damaging your reputation. First y0ur database will be leaked 0r s0ld to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails f0und they will be e-mailed that their inf0rmati0n has been s0ld or leaked and y0ur site http://www.comunidadsolar.cl was at fault thusly damaging your reputati0n and having angry customers/associates with whatever angry cust0mers/associates do. Lastly any links that y0u have indexed in the search engines will be de-indexed based off 0f blackhat techniques that we used in the past to de-index 0ur targets. How do i stop this? We are willing t0 refrain fr0m destr0ying your site’s reputation for a small fee. The current fee is $3000 in bitc0ins (BTC). Please send the bitcoin to the foll0wing Bitcoin address (Make sure t0 copy and paste): 3AK3BE1RTd5yeEfMS46qY1q5d1zGeRWUbA once you have paid we will automatically get informed that it was your payment. Please n0te that y0u have t0 make payment within 5 days after receiving this e-mail or the database leak, e-mails dispatched, and de-index of your site WiLL start! H0w d0 i get Bitc0ins? Y0u can easily buy bitcoins via several websites or even offline fr0m a Bitc0in-ATM. What if i don’t pay? if y0u decide n0t t0 pay, we will start the attack at the indicated date and uph0ld it until you do, there’s no c0unter measure t0 this, y0u will only end up wasting more m0ney trying to find a soluti0n. We will c0mpletely destroy y0ur reputation amongst g0ogle and y0ur cust0mers. This is n0t a hoax, d0 n0t reply t0 this email, don’t try t0 reas0n or neg0tiate, we will not read any replies. 0nce you have paid we will st0p what we were doing and you will never hear fr0m us again! Please note that Bitcoin is anonymous and n0 0ne will find 0ut that you have c0mplied. -- Este correo fue enviado utilizando contact form en ::: Comunidad Solar :: (http://comunidadsolar.centroenergia.cl) --8DE6720382A.1665512944/webserver.centroenergia.cl--